• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
Rechtsanwalt Marian Härtel - ITMediaLaw

No products in the cart.

  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Kurzberatung
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Rechtsanwalt Marian Härtel - ITMediaLaw

Consent to privacy in e-commerce and SaaS: A breach of the GDPR?

1. June 2023
in Data protection Law, Law on the Internet
Reading Time: 5 mins read
0 0
A A
0
dsgvo 3589608 1280
Key Facts
  • Consent to the privacy policy could violate the GDPR and the principle of good faith.
  • The EDPB 's decision emphasizes the inadmissibility of obtaining consent in data protection declarations.
  • Obtaining consent without authorization can lead to significant legal consequences, including administrative sanctions.
  • Companies must regularly review and adapt their data protection declarations and terms of use.
  • Compliance with the GDPR protects customer trust and strengthens the company's reputation.
  • A breach of the GDPR can cause customer churn and reputational damage.
  • The GDPR requires continuous efforts and proactive measures for compliance.

Introduction

Content Hide
1. Introduction
2. The AGB-legal dimension
3. The decision of the European Data Protection Board and its legal details
4. The EDSA decision and its impact on online providers
5. The impact on e-commerce and SaaS providers
6. The role of the GDPR in the digital world
6.1. Author: Marian Härtel

In my work in the world of e-commerce and SaaS providers, it is a common practice to ask users to consent to the privacy policy. However, this seemingly harmless action could have profound legal consequences. Have you ever considered that this practice could be a violation of the General Data Protection Regulation (GDPR) and breach the principle of good faith?

In this blog post, I shed light on this complex and often overlooked topic. I refer to a recent, but possibly quickly overlooked, decision by the European Data Protection and Privacy Authority (EDSA) and discuss how it might affect the landscape of digital commerce.

The question I am asking is not just theoretical. It could have significant practical implications for the way e-commerce and SaaS providers design and present their privacy statements. It could even lead to the need to adapt store systems and marketing funnels to meet legal requirements.

This blog post is a must-read for anyone working in the digital economy who understands the importance of privacy compliance. Get ready to challenge your previous assumptions and take a fresh look at your company’s privacy policy.

The AGB-legal dimension

Obtaining consent to the privacy policy may result in the privacy policy being subject to strict control under GTC law. This may result in certain information in the privacy policy being judged as invalid clauses. In addition, there is a risk that such clauses could be subject to warnings as violations of competition law.

Pursuant to the judgment of the Court of Appeal of December 27, 2018 (23 U 196/13), certain clauses in the data protection declaration that unreasonably disadvantage customers and cannot be reconciled with essential basic ideas of the statutory regulation from which a deviation is made (Art. 6 (1) DSGVO) may be judged invalid (Section 307 (1) Sentence 1, (2) No. 1 BGB).

In particular, it was held that the mere unilateral promulgation of certain data processing practices by a clause user does not constitute consent of the data subject. Informing customers about data processing practices that the defendant allows itself and that its customers have to accept without being asked does not replace their consent. The argument that the Data Protection Directive at issue is not made the subject of consent, but merely referred to for information purposes, and that at no point in the provisions complained of by the plaintiff is there any mention of the consumer consenting to data processing, ultimately turns on them. This is precisely because the inadmissible deviation of the clauses from the statutory regulation lies in the fact that they give the consumer the incorrect impression that the defendant is entitled to process personal data without the consumer’s consent being relevant.

In addition, it was held that the use of clauses which give the customer the impression that he must accept them as a binding provision in the event of a dispute constitutes general terms and conditions within the meaning of Section 305 (1) of the German Civil Code. 1 sentence 1 BGB can apply. According to their objective wording, these clauses can only be understood as binding regulations of the existing contractual relationship or the contractual relationship to be initiated.

In light of the Kammergericht’s decision and the requirements of the European General Data Protection Regulation (GDPR), the question arises as to whether companies should require consents at all when using legal texts such as general terms and conditions (GTC) and privacy statements on online services. The stringent requirements for the effectiveness of such consents and the potential legal consequences of failing to comply with these requirements make it a complex and risky undertaking.

The decision of the European Data Protection Board and its legal details

The EDSA decision underlines the inadmissibility of obtaining consent in privacy notices and the possible violation of the GDPR, especially if the notice is merely an information notice under Art. 13 GDPR. This decision emphasizes the principle of good faith, which is intended to ensure a fair balance between the business interests of data controllers and the rights and requirements of data subjects. The decision highlights that the basic principles of processing listed in Article 5 of the GDPR may be violated, which may result in significant administrative penalties. In addition, the deadline for compliance with the decision was reduced from six months to three months.

The EDSA decision goes into the full legal details and emphasizes that the possibility to specifically consent to a certain processing falls under Article 6(1)(f) GDPR. It notes that WhatsApp users were forced to agree to the terms of service and privacy policy, which confused users’ expectations. WhatsApp’s processing cannot therefore be considered ethical and truthful, as it is confusing in terms of the type of data processed, the legal basis used and the purposes of the processing.

The EDSA decision and its impact on online providers

The decision of the European Data Protection Supervision Authority (EDSA) has far-reaching implications for the practices of online providers. In particular, WhatsApp’s practice of forcing users to agree to its terms of use and privacy policies has been criticized. The EDSA decision clarifies that this practice cannot be considered ethical and truthful, as it is confusing in terms of the type of data processed, the legal basis used and the purposes of the processing.

The decision also has implications for other online providers. It raises serious questions about the practices and user funnels of online providers and calls for a thorough review and adjustment of their privacy statements and terms of use. It is therefore important to emphasize that the implications of this decision may be far-reaching and that each case should be evaluated individually.

The impact on e-commerce and SaaS providers

Many e-commerce and SaaS providers have not yet fully recognized the potential legal issues associated with obtaining consent for their privacy policies. This practice may not only be problematic under GTC law, but may also constitute a violation of the GDPR itself. Therefore, it is important that providers reconsider this practice and adjust it if necessary. The legal explanations in the EDSA decision underline the need for clear and understandable consent to data processing. The mere unilateral announcement of certain data processing practices by a provider does not constitute consent of the data subject. Information about data processing practices that the provider allows itself and that its customers have to accept without being asked does not replace their consent. This may result in significant legal consequences, including administrative penalties.

It is therefore crucial that providers review their privacy statements and terms of use and ensure that they comply with the requirements of the GDPR. This includes providing clear and understandable information about data processing practices and obtaining explicit consent from users for data processing, when such consent is necessary in the given situation. In addition, providers should keep in mind that simply providing information about data processing practices is not sufficient to obtain user consent. You must ensure that users have the option to refuse consent and that this decision is respected.

Conversely, however, it is also true that consent should probably NOT be obtained for pure “information” on data processing or the manner of data processing without the GDPR stipulating consent.

The role of the GDPR in the digital world

In today’s digital world, the General Data Protection Regulation (GDPR) plays a crucial role. It serves to protect the privacy of citizens and to oblige companies to handle personal data responsibly. The GDPR has raised awareness of data protection issues and increased standards for handling personal data. The EDSA’s decision underscores the importance of the GDPR and shows that violations of this regulation can have serious consequences. It also shows that compliance with the GDPR is not only a legal obligation, but also an important aspect of building trust and credibility with customers.

A breach of the GDPR can not only lead to legal consequences, but also undermine customer trust in your company and damage your reputation. Therefore, it is in your best interest to ensure that you comply with the Privacy Policy.

It is important to emphasize that compliance with the GDPR is not just a matter of complying with the law. It is also about acting ethically and responsibly. Companies that respect and protect the privacy of their customers are likely to have a competitive advantage by gaining the trust and loyalty of their customers.

In conclusion, it is important to emphasize that compliance with the GDPR requires a continuous effort. Data protection is not a one-time event, but an ongoing process that requires regular reviews and adjustments. Organizations need to be proactive and ensure they are up to date with the latest data protection regulations and practices.

Marian Härtel
Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: AGBConsumerCourt of AppealCustomizationGeneral Data Protection RegulationGeneral Terms and ConditionsLawsmarketingPrivacyRegulationSaasWhatsapp

Weitere spannende Blogposts

Esports tournament winnings: when and how are they taxable?

ce956c7a26bdb4f4bc2bf92a0fb460ec
13. August 2024

As a lawyer who represents many tournament organizers, esports players and esports teams, I realize that the issue of taxation...

Read moreDetails

Employment law for startups

Employment law for start-ups: Important regulations when building a team
10. October 2024

Building a competent and motivated team is crucial to the success of a start-up. However, founders must observe a variety...

Read moreDetails

Agencies: Attention, ideas not protected!

Agencies: Attention, ideas not protected!
31. May 2019

For this reason, I would like to draw attention today to a problem that repeatedly falls on the feet of...

Read moreDetails

Searches in cases of “Google Fonts” cease-and-desist letters

Searches in cases of “Google Fonts” cease-and-desist letters
3. January 2023

In proceedings against two defendants - a 53-year-old lawyer based in Berlin and his 41-year-old client, the alleged representative of...

Read moreDetails

Public consultation on copyright reform

copyright
7. November 2022

The Federal Ministry of Justice and for Consumer Protection (BMJV) is conducting a public consultation on the implementation of the...

Read moreDetails

A comprehensive guide to the imprint requirement for streamers

A comprehensive guide to the imprint requirement for streamers
5. November 2018

In recent weeks, I have received numerous inquiries regarding the imprint requirement for Twitch streamers and YouTubers. Therefore, I decided...

Read moreDetails

The future of the Internet: Web3 and the new law

The future of the Internet: Web3 and the new law
30. December 2022

Web3 - the next generation of the Internet The next generation of the Internet - Web3 - is just around...

Read moreDetails

Cold Contacting on LinkedIn: Current ruling of the OLG Hamm and what it means for you

Cold Contacting on LinkedIn: Current ruling of the OLG Hamm and what it means for you
6. September 2023

In the digital world, we are all constantly connected, and platforms like LinkedIn offer us the opportunity to expand our...

Read moreDetails

Why work with a lawyer as a streamer?

youtube 3503481 960 720
30. January 2020

From last year's experience, I would like to accumulate in this article ten tips that YouTubers and streamers on the...

Read moreDetails
Keine stillschweigende AGB-Änderung – Schweigen gilt nicht als Zustimnung
Online retail

Keine stillschweigende AGB-Änderung – Schweigen gilt nicht als Zustimnung

7. July 2025

Die Vertragsänderung durch Schweigen ist wieder im Fokus. In zwei aktuellen Entscheidungen (November 2024 und Juni 2025) hat der Bundesgerichtshof...

Read moreDetails
So langsam nimmt der Shop Form an

So langsam nimmt der Shop Form an

3. July 2025
Dark Patterns: UX-Tricks im Visier von Gesetzgeber und Gerichten

Dark Patterns: UX-Tricks im Visier von Gesetzgeber und Gerichten

2. July 2025
Altersverifikation im Internet: Pflichten für Anbieter in Deutschland und Europa

Altersverifikation im Internet: Pflichten für Anbieter in Deutschland und Europa

30. June 2025
KI-Training und Urheberrecht: US-Gericht setzt auf Fair Use – was bedeutet das für KI und was gilt in Deutschland?

KI-Training und Urheberrecht: US-Gericht setzt auf Fair Use – was bedeutet das für KI und was gilt in Deutschland?

26. June 2025

Podcastfolge

Startups und Innovation in Deutschland – Herausforderungen und Chancen

Startups und Innovation in Deutschland – Herausforderungen und Chancen

25. September 2024

In dieser aufschlussreichen Podcast-Episode wird ein tiefgreifender Blick auf die Startup- und Innovationslandschaft in Deutschland und Europa geworfen. Die Diskussion...

Read moreDetails
Rechtliche Beratung für Startups – Investitionen, die sich lohnen

Rechtliche Beratung für Startups – Investitionen, die sich lohnen

17. November 2024
Der unkonventionelle Anwalt: Ein Nerd im Dienste des Rechts

Der unkonventionelle Anwalt: Ein Nerd im Dienste des Rechts

25. September 2024
Die Romantisierung des Prinzips ‘Fail Fast’ in Startups – Wann wird Scheitern zur Täuschung gegenüber Beteiligten?

Die Romantisierung des Prinzips ‘Fail Fast’ in Startups – Wann wird Scheitern zur Täuschung gegenüber Beteiligten?

20. April 2025
Web3, Blockchain und Recht – Eine kritische Bestandsaufnahme

Web3, Blockchain und Recht – Eine kritische Bestandsaufnahme

25. September 2024

Video

Mein transparente Abrechnung

Mein transparente Abrechnung

10. February 2025

In diesem Video rede ich ein wenig über transparente Abrechnung und wie ich kommuniziere, was es kostet, wenn man mit...

Read moreDetails
Faszination zwischen und Recht und Technologie

Faszination zwischen und Recht und Technologie

10. February 2025
Meine zwei größten Herausforderungen sind?

Meine zwei größten Herausforderungen sind?

10. February 2025
Was mich wirklich freut

Was mich wirklich freut

10. February 2025
Was ich an meinem Job liebe!

Was ich an meinem Job liebe!

10. February 2025
  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung